If someone(who is now no longer my friend) put a trojan in the startup folder on my computer, did the server activiate when i restarted to install my new printer drivers?
Printable View
If someone(who is now no longer my friend) put a trojan in the startup folder on my computer, did the server activiate when i restarted to install my new printer drivers?
most likely... depends on WHAT trojan he put in there... do you know which one it was?
If it works...yes
Please update your AV product and do a full scan, heuristics on, scan ALL files etc.
Get Ad-aware from Lavasoft and run that.
Get SpyBot Search & Destroy and run that.
You should also be running a firewall, Zone Alarm is a reasonable free one.
Hope this helps...good luck
I got it... i downloaded trojan killer(or something with a name like that) and had it kill it. Also, i run norton internet security firewall(thats ok right) and i have Norton Antivirus. I think i'm doing fine lol.
out of curiousity... what trojan did ur "friend" put in the startup, did you notice?
I think it was sub7(because it was listening on port 27374) can't be sure though.
ya, could be.... but ur AV didn't pick up on it?!?!???!
Norton ANtivirus won't tell you a virus is there unless you are looking at the folder(i don't know why) but i portscanned myself and saw 27374 open so i freaked out and looked for where i could have got it form and i saw "server.exe"(he could have been a little more creative than that couldn't he) in my startup folder so then i scanned with AV and got it. I know it was a stupid question to post here but i really wanted to know if thats where ig ot it from or it there were more than one on my computer at once.
well u could use a firewall to block access to those ports.....search for posts on personal firewalls here on AO...and also u can run msconfig to remove unwanted softwares at startup....remove anything unwanted from ur startup folder......
and use this tool called winstartup to see and remove unwanted software that starts from regsitry
http://www.rjlsoftware.com/software/.../default.shtml
hope would help u and others too
hmm U mean you haven't done a full scann with NAV?
Besides.. this also means that NAV was turned off while your friend installend the Trojan
It also means NAV was off whe YOU restarted the machine..
Or You or your friend changed the setting in NAV to prevent the Activescan
Run the removal tools in safemode.. also there are tuts on the removal of Sub7..try one of these links:
http://www.hackguard.net/sub7adv3.htm
http://www.geocities.com/Pentagon/Qu...new/sub7guide/
http://www.google.com/search?sourcei...emoval+of+sub7
I do recommend the third link..
Cheers